Skip to content

github-actions: clarify workflows permissions, set least possible privilege#9928

Closed
diogoteles08 wants to merge 2 commits intocurl:masterfrom
diogoteles08:master
Closed

github-actions: clarify workflows permissions, set least possible privilege#9928
diogoteles08 wants to merge 2 commits intocurl:masterfrom
diogoteles08:master

Conversation

@diogoteles08
Copy link
Contributor

@diogoteles08 diogoteles08 commented Nov 16, 2022

Set top-level permissions to None on all workflows and then set per-job permissions, giving only the necessary ones. This avoids that new jobs inherit unwanted privileges.

Previously most of the workflows did not have written permissions, so their permissions were depending on the permission set as default on the Github repo settings

Discussion: https://curl.se/mail/lib-2022-11/0028.html

@diogoteles08
github-actions: clarify workflows permissions, set least possible pri…
9a973e1 
…vilege

Set top-level permissions to None on all workflows, setting per-job
permissions. This avoids that new jobs inherit unwanted permissions.

Discussion: https://curl.se/mail/lib-2022-11/0028.html

Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
@bagder bagder added the CI Continuous Integration label Nov 16, 2022
mback2k
mback2k reviewed Nov 17, 2022
View reviewed changes
@diogoteles08
refactor(github-actions): change instructions order
8232e15 
Exchange order of two instructions in a workflow to keep the same sequence
as in the other workflows.

Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
@bagder bagder requested a review from mback2k November 28, 2022 08:12
@bagder
Copy link
Member

bagder commented Dec 2, 2022

@cmeister2 @mback2k any objections to me merging this ?

mback2k
mback2k approved these changes Dec 2, 2022
View reviewed changes
Copy link
Member

@mback2k mback2k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@bagder
Copy link
Member

bagder commented Dec 2, 2022

Thanks!

@bagder bagder closed this in a2f5a4c Dec 2, 2022
@diogoteles08 diogoteles08 mentioned this pull request Apr 28, 2023
Closed
@vszakats vszakats mentioned this pull request Apr 8, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mback2k mback2k mback2k approved these changes

@cmeister2 cmeister2 Awaiting requested review from cmeister2

Assignees

No one assigned

Labels

CI Continuous Integration

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@diogoteles08 @bagder @mback2k